Hello and welcome to the latest cybersecurity news wrap-up. Here’s the latest.
Microsoft was in the bullseye for the second week in a row due to the ongoing concerns about Exchange Server vulnerabilities. A security flaw in Exchange has allowed hackers to infiltrate the servers of thousands of U.S. organizations – perhaps as many as 60,000. The company released patches on March 2nd to tackle four severe vulnerabilities.
The vulnerabilities in Microsoft Exchange Server are being actively exploited by a state-sponsored threat group from China and appear to have been adopted by other hackers in widespread attacks. Microsoft believes the vulnerabilities are being used as part of an attack chain. It also told security expert Brian Krebs the company first became aware of the four zero-day bugs in "early" January.
Silicon Valley-funded security camera startup Verkada Inc. also had a rough week as it disclosed it was the victim of a data breach. Stories are circulating which suggest that hackers gained access to 150,000 security cameras. The breach enabled hackers to access video feeds from the likes of Tesla and Cloudflare to several hospitals and even the Sandy Hook Elementary School in Connecticut, the site of the 2012 mass shooting.
In Europe, a Spanish government agency that manages unemployment benefits was the victim of a ransomware attack. The intrusion into Spain’s State Public Employment Service (SEPE) affected the agency’s offices around the country, forcing employees to use pen and paper to take appointments. A union representing the employees has claimed that SEPE has aging IT systems the agency had not upgraded. The agency’s director said the incident has not led to the theft of personal data.
Finally, in some positive news, we are starting to see police crack down on hackers worldwide. In Belgium, the Federal Police announced they have decrypted around half a billion messages sent by users of Sky ECC, an encrypted phone company heavily used by criminals. Then, in South Korea, the country’s National Police Agency announced on Tuesday the arrest of a suspect involved in the distribution of thousands of emails laced with GandCrab. Police say the unnamed, supposedly 20-year-old suspect set up internet domains to distribute malicious code and netted more than $10,000 from the ransomware attacks.
Their investigation began when South Korean officials spotted malicious emails impersonating the police to distribute the ransomware. File under: Stupid criminal stories.
That’s a wrap for the week. Wishing everyone a great weekend!
Top Global Security News
The Washington Post (March 11, 2021) More hackers jump to take advantage of a widespread Microsoft security flaw
"Government officials and cybersecurity experts are scrambling to stem the damage from a security flaw in Microsoft Exchange that has allowed hackers to infiltrate the servers of at least 30,000 U.S. organizations.
Since Microsoft and cybersecurity firm Volexity first attributed the breach to Hafnium, a group of hackers they tied to China, cybersecurity researchers say there are more groups getting in on the action.
'It’s a frenzy,' says Steven Adair, president of Volexity, which first discovered the problem.
Adair described the race to take advantage of the tens of thousands of servers that have not yet been secured as 'a golden opportunity.'"
Vice (March 10, 2021) Belgian Police say they decrypted half a billion 'sky' messages, arrested 48 people
"The Belgian Federal Police say authorities have decrypted around half a billion messages sent by users of Sky ECC, an encrypted phone company heavily used by criminals, the agency announced in a press release on Wednesday.
The news provides more information on the contours of an operation against Sky. On Tuesday, Belgian media reported a spike in law enforcement activity and that tens of thousands of Sky messages had been read in real-time. Sky then claimed to Motherboard it believed the source was a rogue version of its app installed on unauthorized devices and then sold to customers. But the newly released police figures suggest the operation was larger in scope."
Silicon Angle (March 9, 2021) Security startup Verkada breached as hackers gain access to 150,000 camera feeds
"Verkada Inc., a Silicon Valley-funded security camera startup, has suffered a data breach with hackers reportedly able to gain access to 150,000 live camera feeds from companies, jails, police departments and schools.
The data breach was led by an 'international hacker collective' and intended to show the ease with which systems could be broken into, a spokesperson for the collective Tillie Kottmann told Bloomberg today.
Kottmann has been linked to previous hacks in the past, including releasing data stolen from Intel Corp. in August. Kottmann said its reasons for hacking are 'lots of curiosity, fighting for freedom of information and against intellectual property, a huge dose of anti-capitalism, a hint of anarchism – and it’s also just too much fun not to do it.'"
Cyberscoop (March 9, 2021) South Korean cops arrest GandCrab suspect
"South Korea’s National Police Agency said Tuesday that it had arrested a suspect involved in the distribution of thousands of emails laced with GandCrab, a once-prolific strain of ransomware.
The suspect, whom South Korean authorities did not name, is accused of setting up internet domains to distribute the malicious code and netting some $10,500 from the ransomware attacks.
The police statement described an investigation spanning two years and 10 countries, culminating in the suspect’s arrest on Feb. 25. Those police resources overcame the suspect’s efforts to cover their tracks by using IP addresses from different countries, police said. The investigation began when South Korean officials spotted malicious emails impersonating the police to distribute the ransomware."
Cyberscoop (March 9, 2021) Spanish labor agency suffers ransomware attack, union says
"A ransomware attack has affected IT systems at a Spanish government agency that manages unemployment benefits, disrupting 'hundreds of thousands' of appointments at the agency, a Spanish labor union said Tuesday.
The cyberattack on Spain’s State Public Employment Service (SEPE) affected the agency’s offices around the country, forcing employees to use pen and paper to take appointments, according to the Central Independent Trade Union and Civil Servants. The union alleged that the SEPE had aging IT systems that the agency had not upgraded.
SEPE plays an integral part in distributing unemployment benefits in a country where the coronavirus pandemic has hammered the economy. The number of jobless people in Spain is now 4 million, its highest rate in five years, according to official data. But SEPE Director Gerardo Gutiérrez said in an interview with Spanish broadcaster RNE that the incident had not affected unemployment benefits, and that it has not led to the theft of personal data."